CISA Adds One Known Exploited Vulnerability to Catalog
Summary
CISA added CVE-2026-25108, a Soliton Systems K.K. FileZen OS Command Injection Vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog. This vulnerability is actively exploited and poses a significant risk, especially to the federal enterprise. CISA urges all organizations to prioritize remediation of KEV Catalog vulnerabilities.
IFF Assessment
A new actively exploited vulnerability has been added to CISA's KEV catalog, indicating an increased risk for organizations.
Severity
Defender Context
The addition of CVE-2026-25108 to the KEV catalog means defenders should prioritize patching this vulnerability. OS Command Injection vulnerabilities are frequently exploited, and organizations should ensure they have proper vulnerability management practices in place to identify and remediate such risks promptly. The KEV catalog serves as a prioritized list of vulnerabilities known to be actively exploited in the wild.